Are Spammers Using Your Web Site?
Last week we had a spammer test one of our contact forms (on another web site) until they found a potential vulnerability. I’m still not sure whether the spammer was successful in sending anything as all the log files were full of errors. In any case, we quickly locked down all our scripts and included some extra levels of security just to be sure.
The most interesting part of the attack was what happened afterwards and where the attack came from. Our exploitedform.php must have been put on some sort of attack list. Over the next few days we received repeated attempts to use exploitedform.php to send spam. These attempts failed each time and we set traps to log IP addresses and the attack strings.
It seems the attempts to use exploitedform.php came from a whole range of IPs, most likely a bot network. This bot network would consist of thousands of PCs that had been turned into zombies.
It amazes me to see how far a spammer will go to send their sh*t. They must somehow infect PCs around the world to turn them into zombies, then send out commands to these zombies to scan web sites for vulnerabilities, and then they go ahead and exploit a network of vulnerable sites to send spam. Even though they’re a$$holes, the software that powers all that must be quite impressive..
Still, it’s time to work out a way to shut these botnets and spammers down. More thoughts to come in future postings…
March 1st, 2006 at 3:49 am
[…] I recently wrote about how spam bots were using my site to send spam. To combat this I did a thorough security check of both my web forms and my customers. A little bit of sanitization/validation code and everything was locked down. The bad part was the spam bots still kept hitting the previously-vulnerable php script trying to exploit it. Obviously they failed, but there were tens of bots hitting the site. […]